drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in libicu
Name: |
Zwei Probleme in libicu |
|
ID: |
DSA-1511-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian etch |
|
Datum: |
Mo, 3. März 2008, 22:26 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4771 |
|
Applikationen: |
International Components for Unicode (C/C++) |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1511-1 security@debian.org http://www.debian.org/security/ Steve Kemp March 03, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------
Package : libicu Vulnerability : various Problem type : local Debian-specific: no CVE Id(s) : 2007-4770 2007-4771 Debian Bug : 463688
Several local vulnerabilities have been discovered in libicu, International Components for Unicode, The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-4770 libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
CVE-2007-4771 Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.
For the stable distribution (etch), these problems have been fixed in version 3.6-2etch1.
For the unstable distribution (sid), these problems have been fixed in version 3.8-6.
We recommend that you upgrade your libicu package.
Upgrade instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch - -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830 http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.dsc Size/MD5 checksum: 591 13dcea6b1c9a282147b99c4867db6ee8 http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.diff.gz Size/MD5 checksum: 9552 82e560098b24b245872b163a522a80b8
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch1_all.deb Size/MD5 checksum: 3332194 5da76263265814905245b97daec4c1c3
alpha architecture (DEC Alpha)
libicu36-dev_3.6-2etch1_alpha.deb Size/MD5 checksum: 7028746 b6b13d0fa262501923c97a859b400d10 libicu36_3.6-2etch1_alpha.deb Size/MD5 checksum: 5581984 0cd37ce9f234b9207accc424dc191f49
amd64 architecture (AMD x86_64 (AMD64))
libicu36-dev_3.6-2etch1_amd64.deb Size/MD5 checksum: 6585582 9fe0ee74625a985628c9af096dd13827 libicu36_3.6-2etch1_amd64.deb Size/MD5 checksum: 5444228 250851db4a613e9a5d0029d73c1196c0
arm architecture (ARM)
libicu36-dev_3.6-2etch1_arm.deb Size/MD5 checksum: 6631114 a73ff442415ca3bc336f1fb49e3aa701 libicu36_3.6-2etch1_arm.deb Size/MD5 checksum: 5458358 c6d533fd7c1c51efbac58d2a96a386fb
hppa architecture (HP PA RISC)
libicu36-dev_3.6-2etch1_hppa.deb Size/MD5 checksum: 7090294 aadca0bc8fb9307ea7fe293406a10e5f libicu36_3.6-2etch1_hppa.deb Size/MD5 checksum: 5909956 07bd8e6c733072fca8b96cc10e210a68
i386 architecture (Intel ia32)
libicu36_3.6-2etch1_i386.deb Size/MD5 checksum: 5468656 532aa02d6d67d4b6527ac8c29c9d110e libicu36-dev_3.6-2etch1_i386.deb Size/MD5 checksum: 6465540 bfd4d908b552bba2d871771f86369ec7
ia64 architecture (Intel ia64)
libicu36-dev_3.6-2etch1_ia64.deb Size/MD5 checksum: 7238880 10b410fcd460e47c3619de88167b74f5 libicu36_3.6-2etch1_ia64.deb Size/MD5 checksum: 5865536 dbc0ec913f08682cec4f1b75d35e0531
mips architecture (MIPS (Big Endian))
libicu36-dev_3.6-2etch1_mips.deb Size/MD5 checksum: 7047506 c0b327e8229d1d4d33131453cdac6508 libicu36_3.6-2etch1_mips.deb Size/MD5 checksum: 5748172 126a2f0bb4b61cc54d70edb882191576
powerpc architecture (PowerPC)
libicu36_3.6-2etch1_powerpc.deb Size/MD5 checksum: 5747754 8bc631ad394a86e11c24c5b9ffd76f1d libicu36-dev_3.6-2etch1_powerpc.deb Size/MD5 checksum: 6888906 c5542d6d957327fd6f540029f4195772
s390 architecture (IBM S/390)
libicu36_3.6-2etch1_s390.deb Size/MD5 checksum: 5776762 16a114247a39201f3966ff4f22b80342 libicu36-dev_3.6-2etch1_s390.deb Size/MD5 checksum: 6895102 15624240d20d2e0aa7a29bbc90895908
sparc architecture (Sun SPARC/UltraSPARC)
libicu36_3.6-2etch1_sparc.deb Size/MD5 checksum: 5671256 2c7a50b1fe50dbe4b3ef8995d91e5946 libicu36-dev_3.6-2etch1_sparc.deb Size/MD5 checksum: 6771832 84a95a10934106c8cfc409032191de98
These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHzGoFwM/Gs81MDZ0RApgrAJ9Jd4cpLRAJ7WTQAnnpd8d4K3/mvwCeNusV OLKQ6zeO2ePgNnldMI08TRU= =ay/5 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|